that could be exploited remotely by an attacker to bypass security, gain access to critical files or conduct a denial-of-service attack.

Errors in the runtime environment could be exploited to write malicious Java Archive (JAR) files, and multiple image-processing errors could result in buffer overflows. An attacker could also exploit the flaws to establish a network connection and download more malware.

There are also multiple flaws in the Java Web Start application. Java Web Start allows users to start Java applications directly from a browser. To exploit the flaws, an attacker has to pass a malicious file through the application. A successful attack could give the attacker the ability "to read, write or execute local files with the privileges of the user running the application," according to an advisory issued by the Danish vulnerability clearinghouse Secunia. Secunia gave the flaws a highly critical rating.

Other errors in Java Web Start can give an attacker the ability to modify system properties and hijack HTTP sessions, Sun said in multiple advisories.

Sun issued updates to its runtime environment and Java SE Development Kits (JDK) to correct the flaws.
